More results...
Russian antiwar activists placed their faith in Telegram, a supposedly secure messaging app. How does Putin’s regime seem to know their every move? From a report: Matsapulina’s case [anecdote in the story] is hardly an isolated one, though it is especi…
The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.
The post Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse appeared first on SecurityWeek.
Nantucket’s public schools shut its doors to students and teachers after a data encryption and extortion attack on its computer systems.
The post Ransomware Leads to Nantucket Public Schools Shutdown appeared first on SecurityWeek.
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identit…
Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular cryptographic algorithms will be much easier to solve with quantum than with “classical”…
Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iP…
A group of Swiss researchers have published an impressive security analysis of Threema.
We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. As another, we demonstrate a compression-based side-channel attack that recovers users’ long-term private keys through observation of the size of Threema encrypted back-ups. We discuss remediations for our attacks and draw three wider lessons for developers of secure protocols…
Apple today announced that Advanced Data Protection is expanding beyond the United States. MacRumors reports: Starting with iOS 16.3, the security feature will be available globally, giving users to option to enable end-to-end encryption for many addit…
Last month, CircleCI urged users to rotate their secrets following a breach of the company’s systems. The company confirmed in a blog post on Friday that some customers’ data was stolen in the breach. While the customer data was encrypted, cybercrimina…
The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic encryption might not be enough. For organizations, deciding what email encryp…